Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 17:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixes for various btest issues

Browse source 
- Fix handling of truncated ethernet headers, fix core.truncation test output
- Update commit hashes for external private test repo
This commit is contained in:
Tim Wojtulewicz 2020-07-13 16:46:39 -07:00
parent 1c3ded7dd5
commit 08ceea8de1
3 changed files with 25 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/packet_analysis/protocol/default/Default.cc
View file

@ -17,7 +17,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
// Assume we're pointing at IP. Just figure out which version.
if ( pdata + sizeof(struct ip) >= packet->GetEndOfData() )
{
packet->Weird("default_ll_analyser_failed");
packet->Weird("packet_analyzer_truncated_header");
return { AnalyzerResult::Failed, 0 };
}

8
src/packet_analysis/protocol/ethernet/Ethernet.cc
View file

@ -15,6 +15,14 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
auto& pdata = packet->cur_pos;
auto end_of_data = packet->GetEndOfData();
// Make sure that we actually got an entire ethernet header before trying
// to pull bytes out of it.
if ( pdata + 16 >= end_of_data )
{
packet->Weird("truncated_ethernet_frame");
return { AnalyzerResult::Failed, 0 };
}
// Skip past Cisco FabricPath to encapsulated ethernet frame.
if ( pdata[12] == 0x89 && pdata[13] == 0x03 )
{